How to use the jsrsasign.KEYUTIL function in jsrsasign
To help you get started, we’ve selected a few jsrsasign examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
oauthinaction / oauth-in-action-code / exercises / ch-8-ex-1 / client.js View on Github 
if (tokRes.statusCode >= 200 && tokRes.statusCode < 300) {
var body = JSON.parse(tokRes.getBody());
access_token = body.access_token;
console.log('Got access token: %s', access_token);
if (body.refresh_token) {
refresh_token = body.refresh_token;
console.log('Got refresh token: %s', refresh_token);
}
if (body.id_token) {
console.log('Got ID token: %s', body.id_token);
// check the id token
var pubKey = jose.KEYUTIL.getKey(rsaKey);
var signatureValid = jose.jws.JWS.verify(body.id_token, pubKey, ['RS256']);
if (signatureValid) {
console.log('Signature validated.');
var tokenParts = body.id_token.split('.');
var payload = JSON.parse(base64url.decode(tokenParts[1]));
console.log('Payload', payload);
if (payload.iss == 'http://localhost:9001/') {
console.log('issuer OK');
if ((Array.isArray(payload.aud) && _.contains(payload.aud, client.client_id)) ||
payload.aud == client.client_id) {
console.log('Audience OK');
var now = Math.floor(Date.now() / 1000);
if (payload.iat <= now) {
console.log('issued-at OK');if (tokRes.statusCode >= 200 && tokRes.statusCode < 300) {
var body = JSON.parse(tokRes.getBody());
access_token = body.access_token;
console.log('Got access token: %s', access_token);
if (body.refresh_token) {
refresh_token = body.refresh_token;
console.log('Got refresh token: %s', refresh_token);
}
if (body.id_token) {
console.log('Got ID token: %s', body.id_token);
// check the id token
var pubKey = jose.KEYUTIL.getKey(rsaKey);
var signatureValid = jose.jws.JWS.verify(body.id_token, pubKey, ['RS256']);
if (signatureValid) {
console.log('Signature validated.');
var tokenParts = body.id_token.split('.');
var payload = JSON.parse(base64url.decode(tokenParts[1]));
console.log('Payload', payload);
if (payload.iss == 'http://localhost:9001/') {
console.log('issuer OK');
if ((Array.isArray(payload.aud) && _.contains(payload.aud, client.client_id)) ||
payload.aud == client.client_id) {
console.log('Audience OK');
var now = Math.floor(Date.now() / 1000);
if (payload.iat <= now) {
console.log('issued-at OK');}
})
// Sort query string
var sortedQuery = '';
let sortedKeys = Object.keys(object).sort((a, b) => a > b);
for (var i = 0; i < sortedKeys.length; i++) {
let key = sortedKeys[i];
let value = object[key];
sortedQuery += `${(i === 0) ? '' : '&'}${encodeURIComponent(key)}=${encodeURIComponent(value)}`;
}
// Create signature
let alg = {RSA: 'SHA1withRSA', RSA2: 'SHA256withRSA'}[object.sign_type];
let sig = new RSASign.KJUR.crypto.Signature({alg});
sig.init(RSASign.KEYUTIL.getKey(privateKey));
sig.updateString(sortedQuery);
let sign = Buffer.from(sig.sign(), 'hex').toString('base64');
sortedQuery += `&sign=${encodeURIComponent(sign)}`;
return sortedQuery;
}global.hfc.config = undefined;
}
require('nconf').reset();
const tape = require('tape');
const _test = require('tape-promise').default;
const test = _test(tape);
const util = require('util');
const testutil = require('./util.js');
const {Utils:utils} = require('fabric-common');
const fs = require('fs-extra');
const path = require('path');
const os = require('os');
const jsrsa = require('jsrsasign');
const KEYUTIL = jsrsa.KEYUTIL;
const CouchdbMock = require('mock-couch');
const nano = require('nano');
const ecdsaKey = require('fabric-common/lib/impl/ecdsa/key.js');
const CKS = require('fabric-common/lib/impl/CryptoKeyStore.js');
const CouchDBKeyValueStore = require('fabric-common/lib/impl/CouchDBKeyValueStore.js');
const TEST_KEY_PRIVATE_PEM = '-----BEGIN PRIVATE KEY-----' +
'MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgZYMvf3w5VkzzsTQY' +
'I8Z8IXuGFZmmfjIX2YSScqCvAkihRANCAAS6BhFgW/q0PzrkwT5RlWTt41VgXLgu' +
'Pv6QKvGsW7SqK6TkcCfxsWoSjy6/r1SzzTMni3J8iQRoJ3roPmoxPLK4' +
'-----END PRIVATE KEY-----';
const TEST_KEY_PRIVATE_CERT_PEM = '-----BEGIN CERTIFICATE-----' +
'MIICEDCCAbagAwIBAgIUXoY6X7jIpHAAgL267xHEpVr6NSgwCgYIKoZIzj0EAwIw' +
'fzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh' +
'biBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAK' +if (__.contains(code.scope, 'openid')) {
var ipayload = {
iss: 'http://localhost:9001/',
sub: code.user.sub,
aud: client.client_id,
iat: Math.floor(Date.now() / 1000),
exp: Math.floor(Date.now() / 1000) + (5 * 60)
};
if (code.request.nonce) {
ipayload.nonce = code.request.nonce;
}
var istringHeader = JSON.stringify(header);
var istringPayload = JSON.stringify(ipayload);
var privateKey = jose.KEYUTIL.getKey(rsaKey);
var id_token = jose.jws.JWS.sign(rsaKey.alg, istringHeader, istringPayload, privateKey);
console.log('Issuing ID token %s', id_token);
token_response.id_token = id_token;
}
res.status(200).json(token_response);
console.log('Issued tokens for code %s', req.body.code);
return;
} else {
console.log('Client mismatch, expected %s got %s', code.request.client_id, clientId);
res.status(400).json({error: 'invalid_grant'});
return;certificatelist.keys.push(jwk2);
}
response.writeHead(200, {
"Content-Type": "application/json"
});
response.end(JSON.stringify(certificatelist));
}
} else {
response.writeHead(404, {
"Content-Type": "application/json"
});
response.end(JSON.stringify(err));
}
var prvKeyObj = rs.KEYUTIL.getKey(privateKey);
var private_key_kid = apigee.getVariable(request, "private.private_key_kid") || null;
if (private_key_kid !== null) {
jwtHeader.kid = private_key_kid;
}
var signed_token = {
"token": jws.sign({header: jwtHeader, payload: token, secret: privateKey})
//rs.jws.JWS.sign("RS256", JSON.stringify(jwtHeader), token, prvKeyObj)
};
response.writeHead(200, {
"Content-Type": "application/json"
});
response.end(JSON.stringify(signed_token));
} catch (error) {
response.writeHead(500, {
"Content-Type": "application/json"
});function getPEM(decodedToken, keys) {
var i = 0;
debug("jwk kid " + decodedToken.headerObj.kid);
for (; i < keys.length; i++) {
if (keys.kid === decodedToken.headerObj.kid) {
break;
}
}
var publickey = rs.KEYUTIL.getKey(keys.keys[i]);
return rs.KEYUTIL.getPEM(publickey);
}getPEM(decodedToken, keys) {
var i = 0;
debug('jwk kid ' + decodedToken.headerObj.kid);
for (; i < keys.length; i++) {
if (keys.kid === decodedToken.headerObj.kid) {
break;
}
}
var publickey = rs.KEYUTIL.getKey(keys.keys[i]);
return rs.KEYUTIL.getPEM(publickey);
}signIn(email, password, provider, code) {
let pwd = uuidv4().toLowerCase();
let ec = new KJUR.crypto.ECDSA({'curve': 'secp256r1'});
let pub = ec.generateKeyPairHex().ecpubhex;
let priv = KJUR.KEYUTIL.getPEM(ec, 'PKCS8PRV', pwd);
let data = {session_secret: this.fixed_schema_header + pub, code: code, email: email, password: password};
let request;
if (code) {
request = this.api.axios.post(`/oauth/${provider}`, data);
} else {
request = this.api.axios.post('/sessions', data);
}
return request.then((resp) => {
if (resp.error) {
return resp;
}
let data = resp.data;
Cookies.set('sid', pwd, { expires: 365 });
window.localStorage.setItem('token', priv);
window.localStorage.setItem('uid', data.user_id);
window.localStorage.setItem('sid', data.session_id);result.verifiedIssuerRootPubkeys = issuerRootPubkeys.some(rawPublicKey => {
const x509PublicKey = rs.KEYUTIL.getKey(rawPublicKey);
return x509.verifySignature(x509PublicKey);
});
if (!result.verifiedIssuerRootPubkeys) {jsrsasign
opensource free pure JavaScript cryptographic library supports RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp and CAdES and JSON Web Signature(JWS)/Token(JWT)/Key(JWK)
Package Health Score
75 / 100Popular jsrsasign functions
- jsrsasign.asn1
- jsrsasign.ASN1HEX
- jsrsasign.b64utoutf8
- jsrsasign.BigInteger
- jsrsasign.crypto
- jsrsasign.hextob64u
- jsrsasign.hextorstr
- jsrsasign.jws
- jsrsasign.jws.IntDate
- jsrsasign.jws.JWS
- jsrsasign.KEYUTIL
- jsrsasign.KEYUTIL.getJWKFromKey
- jsrsasign.KEYUTIL.getKey
- jsrsasign.KEYUTIL.getKeyFromPlainPrivatePKCS8PEM
- jsrsasign.KJUR
- jsrsasign.KJUR.crypto
- jsrsasign.KJUR.jws
- jsrsasign.SecureRandom
- jsrsasign.stob64
- jsrsasign.X509